BDCOM. Restricting access to the web interface

I’ll give an example of how to allow connections to the BDCOM OLT web interface only from specified IP addresses; in a similar way, you can limit other traffic to the OLT, as well as traffic passing to users through the OLT.

Let’s connect to the device and go to configuration mode:

enable
config

Let’s create an extended access list that allows addresses 10.0.50.200 and 10.0.50.201 to connect on port 80 (www) to 10.0.50.55 (the IP address of the OLT), then denies all other HTTP traffic to 10.0.50.55 and permits all non-HTTP traffic:

ip access-list extended OPERATOR
permit tcp 10.0.50.200 255.255.255.255 10.0.50.55 255.255.255.255 eq www
permit tcp 10.0.50.201 255.255.255.255 10.0.50.55 255.255.255.255 eq www
deny tcp any 10.0.50.55 255.255.255.255 eq www
permit ip any any

After creating the access list, it must be applied to the desired interface. Since the OLT IP address in my case was assigned to the VLAN207 interface, I applied it there:

interface VLAN207
ip access-group OPERATOR in

Now you can start the web server and save the changes:

ip http server
write all
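
To check the rule order before applying it, the access list above can be evaluated offline. This is an added Python example, not part of the original article or of BDCOM software; it assumes first-match evaluation with an implicit deny at the end, and the function names are hypothetical.

```python
import ipaddress

# ACL entries copied from the article (address + subnet-mask form, as written there).
ACL = """\
permit tcp 10.0.50.200 255.255.255.255 10.0.50.55 255.255.255.255 eq www
permit tcp 10.0.50.201 255.255.255.255 10.0.50.55 255.255.255.255 eq www
deny tcp any 10.0.50.55 255.255.255.255 eq www
permit ip any any
"""
PORTS = {"www": 80}  # the only port keyword used in the article

def _take_addr(tokens):
    """Consume 'any' or 'address mask' from the token list and return a network."""
    if tokens[0] == "any":
        del tokens[0]
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = tokens[0], tokens[1]
    del tokens[:2]
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(text):
    """Turn ACL lines into (action, proto, src_net, dst_net, port) tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens[0], tokens[1]
        del tokens[:2]
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        port = None
        if tokens[:1] == ["eq"]:
            port = PORTS.get(tokens[1]) or int(tokens[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry.
    Assumption: no matching entry means deny (implicit deny at the end)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if s in r_src and d in r_dst and r_port in (None, dport):
            return action
    return "deny"
```

Evaluating a non-listed source against another TCP port on 10.0.50.55 returns permit, since only `eq www` is restricted; moving `permit ip any any` to the top makes the deny entry unreachable.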

See also my articles:
About BDCOM
BDCOM. Adding a user with limited rights
